You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Mike Grandmaison <ja...@yahoo.com> on 2007/05/28 16:18:12 UTC

Tomcat Native Library Breaks SSL

I am working with

Windows XP
Tomcat 5.5.23


http://tomcat.heanet.ie/native/1.1.10/binaries/win32/


I followed the openssl instructions at 

http://www.galatea.com/flashguides/tomcat-ssl-5-unix

to setup my ssl.  

When I start tomcat and try to connect to localhost:8443 the browser sits there loading for a long time.  After a couple minutes of waiting the browser stops and says

The connection was interrupted
The connection to 127.0.0.1:8443 was interrupted while the page was loading

I finally removed the tcnative-1.dll from my windows/system32 directory and restarted tomcat.  The ssl works properly now.

I probably spent a couple days debugging this problem.  Anyone know why the native library stops ssl from working?  Also I did adjust the debug="0" to debug="5" but didn't receive any more detailed output.  

My conf/server.xml looks like:

<Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" keystoreType="PKCS12"
               keystoreFile="mycert.p12" 
               keystorePass="changeit"/>

I tried changing my ssl connector xml to ajp syntax like:

    <Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               SSLEngine="on" 
               SSLCertificateFile="${catalina.base}/conf/localhost.crt"
               SSLCertificateKeyFile="${catalina.base}/conf/localhost.key" />

but I renamed my mycert.pem to localhost.crt and mykey.pem to localhost.key - the files created from the www.galatea.com instructions - but it resulted in the same browser loading till the problem loading page message.

Thanks for any advice.  

MG



       
____________________________________________________________________________________Ready for the edge of your seat? 
Check out tonight's top picks on Yahoo! TV. 
http://tv.yahoo.com/

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

RE: Tomcat Native Library Breaks SSL

Posted by Lakshmi Venkataraman <la...@foundrynet.com>.

Also, use tcnative-1.1.9.  I also encountered problems with 1.1.10.

--Lakshmi
 

-----Original Message-----
From: Caldarale, Charles R [mailto:Chuck.Caldarale@unisys.com] 
Sent: Monday, May 28, 2007 7:38 AM
To: Tomcat Users List
Subject: RE: Tomcat Native Library Breaks SSL

> From: Mike Grandmaison [mailto:java97301@yahoo.com]
> Subject: Tomcat Native Library Breaks SSL
> 
> Windows XP
> Tomcat 5.5.23
> http://tomcat.heanet.ie/native/1.1.10/binaries/win32/
> 
> I followed the openssl instructions at 
> http://www.galatea.com/flashguides/tomcat-ssl-5-unix
> to setup my ssl.  

You might try following the real documentation:
http://tomcat.apache.org/tomcat-5.5-doc/apr.html#HTTPS

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe,
e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

RE: Tomcat Native Library Breaks SSL

Posted by "Caldarale, Charles R" <Ch...@unisys.com>.

> From: Mike Grandmaison [mailto:java97301@yahoo.com] 
> Subject: Tomcat Native Library Breaks SSL
> 
> Windows XP
> Tomcat 5.5.23
> http://tomcat.heanet.ie/native/1.1.10/binaries/win32/
> 
> I followed the openssl instructions at 
> http://www.galatea.com/flashguides/tomcat-ssl-5-unix
> to setup my ssl.  

You might try following the real documentation:
http://tomcat.apache.org/tomcat-5.5-doc/apr.html#HTTPS

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org